Search

c.i.a bytes

Digestible pieces on Information Security

Open Search
Category

Information Technology

PHISHING – Part 2

There are a wide variety of methods uses to perpetrate phishing attacks, some of which include:

  • Email / SpamWeb Based Delivery
  • Instant Messaging
  • Session Hacking
  • Trojan HostsLink
  • System Reconfiguration
  • Content Injection
  • Phone Phishing
  • Malware Phishing
  • Key Loggers

CURRENT TRENDS IN PHISHING

Initially, phishing was categorized as a type of spam, however due to current trends in phishing attacks it has emerged has a category of cyber-attack that can stand on its own. In fact, there are now many variants of phishing attacks which will be discussed in following articles and according to [1] email has been surpassed as the most common distribution instrument for phishing attacks. Links followed while web browsing and using messaging systems such as skype, account for over 80% of registered phishing attacks.

THE PHISHING PROCESS

Executing a phishing attack has a few stages, the following is a common approach used:

  1. The attacker obtains the e-mail addresses of the intended victims.
  2. The attacker generates an email that appears genuine and requests the email recipient to perform some action.
  3. The attacker sends the email to the intended victims in a way that seems to be legitimate,  obscuring the true source.
  4. Depending on the content of the email, the recipient opens a malicious attachment, completes a form, or visits a web site.
  5. The attacker stores the victim’s sensitive information and exploits it for some kind of gain.

CONTEMPORARY PHISHING ATTACKS

phishing

The increase in the use of technology has also resulted in the increase in the number of methods and platforms used to execute phishing attacks. The following are a lists of common variations of traditional phishing attacks:

SMiShing

Definition: A form of Phishing that uses short messaging services (SMS) or text messages on mobile devices as a means of gather information that will then be used to exploit the victim.

Continue reading “PHISHING – Part 2”

0

Cloud Computing

The United States National Institute of Standards and Technology’s (NIST) defines cloud computing as: “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.” C.I.A Bytes puts it this way, in traditional computing the computer and its peripherals such as

C.I.A Bytes puts it this way, in traditional computing the computer and its peripherals such as keyboard, printer and hard drive combine to perform a series of inputs, outputs, processing and storage while being physically located in the same space or very close proximity. In the cloud computing environments it is quite similar, the key difference being that the storage device(s) and often processing are no longer located in the same place as the input and output peripherals, thus a network interface becomes necessary to provide access to data assets held on the storage device(s). There are three categories of services, offered by the Cloud: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

0

Create a free website or blog at WordPress.com.

Up ↑